It is important that users have access to the business data, software code, or accounting data on the network. They need access to the data to get their work done, and the organization needs to be operational 24 hours a day, seven days a week. Managing user data using folder redirection, group policy, offline files, and synchronization can help increase the network reliability and the availability of data. It can also reduce the time it takes to restore data in the event of hardware or software failures.
You want to make access to the data that each user and group requires invisible and seamless, and at the same time provide the most efficient process for restoring the data in case of a failure. Managing user data for fault tolerance and to reduce the amount of administrative load is accomplished using the Intellimirror technology. This technology allows users to have their data available to them regardless of which operating system (Windows 2000, Windows XP, or Windows Server 2003) and computer they log on. Using a combination of folder redirection, offline files, group policy, and synchronization, user data can be made available efficiently and reliably.
One useful approach to managing user data is folder redirection. In this process, the administrator uses group policy to configure where on the network the user's data, for example, the My Documents folder, is saved. This data is synchronized between the network storage site and the local copies in the background. This allows the user to change machines or to work offline and always have the same data available.
Using Group Policy, you can redirect four different folders: Application Data, Desktop, My Documents, and Start Menu. Before configuring the policy, however, you must first create a share to hold the user data. Create the share on a file server and configure the share so that the special group Everyone can List Contents, Read, and Write to it. Once you do this, you can configure group policy settings in order to implement folder redirection.
Note
Are you wondering what happens if the user's computer fails and folder redirection is in effect? Because the data is stored on the network server, if the user's local computer has a disk failure the network-stored data will not be lost and can be accessed from a different machine or from the original machine once it is rebuilt.
Folder redirection for domain users can be set in the domain policy or at an OU level. In Active Directory Users And Computers, right-click the domain or OU for which you want to implement folder redirection, and then select Properties. On the Group Policy tab, select the group policy you want to work with, and then click Edit. This displays the Group Policy Object Editor. In the Group Policy Object Editor, expand User ConfigurationWindows SettingsFolder Redirection. As Figure 37-12 shows, the four folders that can be redirected are listed separately. This allows you to configure redirection of each folder separately.
In the Group Policy Object Editor, right-click the folder you want to redirect, and then select Properties. The default tab for the Properties dialog box is the Target tab. The Setting option of this tab provides three choices for configuring how folder redirection behaves. You can select from the following choices:
Not Configured Use this setting to disable redirection of the selected folder.
Basic—Redirect Everyone's Folder To The Same Location Use this setting to designate one location where all the related folders for users will be redirected. This would normally be a share on a server that is part of the daily backup schedule. The redirected folder data would then be available in the event of a disk crash. In most cases, the individual user folders will then be a subfolder of the designated folder. For example, if you wanted the My Documents folders for all users to be redirected to \CorpSvr15UserData, this folder would contain subfolders for each domain user, and the user's My Documents data would be stored in the appropriate subfolder.
Advanced—Specify Locations For Various User Groups Use this setting if you want to set different user data locations for various groups. If you select this option, you can set an alternative target folder location for each group. Depending on the size of your network and domain, and its business model, this may be beneficial. You could, for example, set different folders for the Sales, Engineering, and Customer Service groups.
Note
Remember, the group policy you are working with only applies to user accounts that are in the container for which you are configuring Group Policy. So if you set a redirection policy for a user account that isn't defined in the domain or OU you are working with, the user's data will not be redirected.
If you choose basic redirection, the Target tab is updated, as shown in Figure 37-13, and you have the following options:
Redirect To The User's Home Folder This setting applies only to redirection of a user's My Documents Folder. If you have configured the user's home folder in their account properties, you can use this setting to redirect the My Documents folder to the home folder. Use this setting only if the home folder has already been created.
Create Folder For Each User Under The Root Path This is a common setting. It appends the user's name to the file share created on a file server, allowing a folder to be created automatically under the file share root path for each user. The folder name is based on the %UserName% variable. This option is not available with redirection of the Start Menu.
Redirect To The Following Location This setting allows you to specify a root path to a file share and folder location for each user. If you add %UserName% to the path, you can create individual folders for each user as in the previous option. If you do not include a user-specific environment variable, all the users are redirected to the same folder.
Redirect To The Local User Profile Location This setting causes the default location of the user's profile to be used as the location for the user data. This is the default configuration if no redirection policies are enabled. If you use this option, the folders are not redirected to a network share and you essentially undo folder redirection. This option is not available with redirection of the Start menu.
If you choose advanced redirection, the Target tab is updated so that you can define different redirection settings for different groups of users. Click Add to display the Specify Group And Location dialog box shown in Figure 37-14.
Figure 37-14. Configure advanced folder redirection to define different redirection settings for different groups
In the Specify Group And Location dialog box, click Browse to display the Select Group dialog box. Type the name of a group account in the selected container, and then click Check Names. When a single match is found, the dialog box is automatically updated as appropriate and the entry is underlined. When you click OK, the group is added to the Security Group Membership list in the Specify Group And Location dialog box. You now have the same options for setting the Target Folder Location and the Root Path as you have with basic redirection. When you are finished configuring these options, click OK. You can then repeat this process to configure the redirection of the selected folder for other groups.
Offline files offer another way to manage user data. Think about how many of your users travel with their computers and may not be able to have a network connection to needed data. Using offline files in conjunction with folder redirection and synchronization, you ensure that user data will be available and consistent. To use offline files with folder redirection, you simply enable offline files on the shares created for redirection. By default, when you create shares, only the files and programs that users specify will be available for offline use. You can change this configuration so that all files and programs that users open from a share are automatically available offline. Or you can configure the share so that files and programs will not be available offline.
Note
Offline files work by storing client data and documents in the file system cache on the client computer, making the data and documents available if there is no network connection.
The quickest way to configure offline files is to use Computer Management. After you start Computer Management and connect to the computer you want to work with, expand System Tools and Shared Folders, and then select Shares to display the current shares on the system you are working with.
You can then configure offline settings for a shared folder by right-clicking the share in the details pane, and then selecting Properties. In the share's Properties dialog box, click Offline Settings on the General tab to display the Offline Settings dialog box. As shown in Figure 37-15, there are three settings:
Only The Files And Programs That Users Specify Will Be Available Offline. This allows the user to decide which files will be available offline and is the default setting.
All Files And Programs That Users Open From The Share Will Be Automatically Available Offline. If a user opens a file from a share, this setting makes it automatically available offline. The subsetting, Optimized For Performance, allows programs and application data to be available offline as well. Checking this box will help network performance when applications are run over the network. Clear this box if you are not going to use folder redirection or offline files for application data.
Files Or Programs From The Share Will Not Be Available Offline. This setting blocks users from storing files on the client computer for offline use.
You can configure offline files for users on a client by completing the following steps:
Start Windows Explorer by right-clicking My Computer and selecting Explore.
Select Folder Options from the Tools menu. In the Folder Options dialog box, select the Offline Files tab, as shown in Figure 37-16.
Select the Enable Offline Files check box. Offline files are now enabled on the client.
The Folder Options dialog box has a number of settings you can configure:
The setting Synchronize All Offline Files When Logging On does a full synchronization when the user logs on. This synchronization is designed to ensure that any changes made to files while the user is offline are saved to the network share and that the most recent versions of files are on the user's computer. If you don't select this option, a quick synchronization is performed when the user logs on. With a quick synchronization, the files are checked to ensure that they exist both on the network share and in the file cache, but the data isn't compared to see if it is current.
The setting Synchronize All Offline Files Before Logging Off performs a full synchronization when logging off and provides a complete version of the data. This synchronization is designed to ensure that any changes made to files while the user is logged on to the network are written back to the network share before the user logs off. If you don't select this option, a quick synchronization is performed when the user logs off. With a quick synchronization, the files are checked to ensure that they exist both on the network share and in the file cache, but the data isn't compared to see if it is current.
The setting Display A Reminder Every … Minutes displays reminder balloons over the notification area at an interval that you specify whenever the computer is offline. As this can be distracting, you may want to set a long interval or disable this option.
The setting Create An Offline Files Shortcut On The Desktop places a shortcut to the Offline Files folder on the desktop.
The setting Encrypt Offline Files To Secure Data enables encryption for offline files. Only files on the local machine are encrypted, and files are not encrypted during movement across the network. Keep in mind that encryption requires the system partition to be formatted using NTFS and that only Administrators can enable encryption. Because some applications create temporary files in other folders, you might want to encrypt the working folders as well.
The Advanced button configures how the computer behaves when network connectivity is lost, either allowing the user to continue to work offline or not allowing offline work to continue.
Group policy can manage access and configuration of offline files more efficiently than the methods mentioned previously. You can use Offline Files to manage the most common user data, including Application Data, My Documents, the Start Menu, and the Desktop. Offline Files policy objects are located in Computer ConfigurationAdministrative TemplatesNetwork Offline Files, and in User ConfigurationAdministrative TemplatesNetworkOffline Files.
When you use Group Policy to manage user data via Offline Files, be aware that precedence and dependencies are varied. For example: If you enable Prohibit User Configuration Of Offline Files in User Configuration, but enable it in Computer Configuration, offline files will be enabled, because the Computer Configuration setting has precedence over the User Configuration setting.
When you are managing files in a network using folder redirection or offline files, you need to make sure that the files on the network share remain synchronized with the files on the user's system. This allows you to ensure availability and that the latest version of the user's data is stored and available. Full synchronization provides the latest version, whereas Quick synchronization provides a complete version of the user data but not necessarily the most current version. By configuring the synchronization in Group Policy, you can ensure a full synchronization for either a logging on or logging off scenario.
There are three times for configuring Offline Files caching on a workstation:
Logging on or off by the user
Scheduled times
During specific intervals of idleness on the computer
You will need to configure synchronization of redirected or offline files by using the Synchronization Manager. You run the Synchronization Manager using the Run dialog box. Click Start, and then select Run. In the Run dialog box, type mobsync and then click OK. This will display the Items To Synchronize dialog box, which you can use to manually synchronize folders and files and configure the Synchronization settings for each folder or file that is configured for offline use. If you click the Setup button, you see the three tabs representing the settings for automatic synchronization:
To have synchronization performed during logging on or off (or both), select the Logon/Logoff tab, and set the When I Log On To My Computer and When I Log Off My Computer options.
On the On Idle tab, click the Advanced button to configure how long your computer is idle before synchronization is executed and how often after your computer remains idle synchronization is repeated. For laptop support, a check box can be selected to prevent synchronization when running on a battery.
The Scheduled tab allows you to schedule synchronization. Click Add to start the Scheduled Synchronization Wizard and schedule synchronization much like any other scheduled task.